Most of the existing communication network authentication mechanisms employ a one-to-one and two-way authentication mode, including a single key based Authentication and Key Agreement (AKA) authentication mechanism and a public key based certificate authentication mechanism.
As shown in FIG. 1, the single key authentication mechanism includes: storing a shared key K both in a user node and a corresponding home server HLR/HSS (Home Location Register/Home Subscriber Server) node, and performing an interactive authentication with the corresponding home server node when the user accesses the network. The left part of FIG. 1 is a schematic view showing that users who are independent of each other perform authentications respectively, and the right part of FIG. 1 is a schematic view showing that a group of users who are associated with each other perform authentications respectively. The network side can only determine the identity of the user node which performs the interactive authentication after the authentication is passed, no matter whether there is an association relationship between the users.
In the public key based certificate authentication mechanism, each of the user and the corresponding home server node may acquire its identity certificate and corresponding private key from a trusted third-party Certificate Authority (CA), and may acquire a CA certificate for verifying the identity certificate of the other party. When the user accesses the network, the user and the corresponding home server verify each other's identity by sending their respective identity certificates; a user who possesses a valid certificate can access the network after the authentication is passed.
In conceiving the present invention, the inventor found that, if there are large numbers of terminal nodes, the signaling interaction required by large numbers of user authentications will consume network resources and the server's computing resources. Specifically, all of the existing authentications employ the one-to-one mode. When there are large numbers of terminal nodes in the network which have a same behavioral characteristic, these terminal nodes sometimes need to access the network simultaneously; in this case, large amounts of network resources will be occupied, the network load will be increased, and more of the server's computing resources will be consumed by the large numbers of user authentications. As a result, the existing authentication mode is not appropriate for the Internet of Things and may degrade the availability of Internet of Things services.
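The following added example (not part of the original document) models the one-to-one, two-way shared-key authentication described above and counts what the home server spends when n nodes authenticate independently. It is a simplified sketch: HMAC-SHA256 stands in for the real AKA functions, the three-message exchange is an assumption, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, rand: bytes) -> bytes:
    # HMAC-SHA256 stands in for the AKA functions (assumption, not MILENAGE).
    return hmac.new(key, label + rand, hashlib.sha256).digest()

class HomeServer:
    """HLR/HSS role: stores one shared key K per user node."""
    def __init__(self):
        self.keys, self.pending = {}, {}
        self.messages = 0   # signaling messages sent or received by the server
        self.mac_ops = 0    # keyed-hash computations performed by the server

    def provision(self, node_id: str) -> bytes:
        self.keys[node_id] = os.urandom(32)
        return self.keys[node_id]

    def challenge(self, node_id: str):
        self.messages += 2                            # access request in, challenge out
        k, rand = self.keys[node_id], os.urandom(16)
        self.pending[node_id] = prf(k, b"user", rand) # expected response from the node
        self.mac_ops += 2
        return rand, prf(k, b"network", rand)         # RAND plus proof the server holds K

    def verify(self, node_id: str, res) -> bool:
        self.messages += 1                            # response in
        expected = self.pending.pop(node_id)
        return res is not None and hmac.compare_digest(res, expected)

class UserNode:
    def __init__(self, node_id: str, key: bytes):
        self.node_id, self.key = node_id, key

    def respond(self, rand: bytes, autn: bytes):
        # Two-way authentication: check the network's proof before answering.
        if not hmac.compare_digest(autn, prf(self.key, b"network", rand)):
            return None
        return prf(self.key, b"user", rand)

def authenticate_all(n: int):
    """Run n independent authentications; return (accepted, messages, mac_ops)."""
    hss = HomeServer()
    nodes = [UserNode(f"node-{i}", hss.provision(f"node-{i}")) for i in range(n)]
    accepted = sum(hss.verify(u.node_id, u.respond(*hss.challenge(u.node_id)))
                   for u in nodes)
    return accepted, hss.messages, hss.mac_ops
```

Under these assumptions the server handles three messages and two keyed-hash computations per node, so both costs grow linearly with the number of nodes that access the network at the same time.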